Advanced NGINX Extensions

[mpstefan]

trafficstars

As a user of NKG that has a need for an enhancement in the project I want the ability to customize the NGINX configuration for NGF So that I can utilize features that have not yet been exposed via configuration Or so that I can work around a problem that has not yet been solved in NGF, but can be fixed through NGINX configuration.

Background

Our approach to exposing NGINX functionality is two-fold. One, is to take the most frequently used features and configuration changes for NGINX and integrate them with the Gateway API as first-class features in extensions and attachments to the API.

However, as this will take time to work through everything NGINX has to offer, we need a way for our users to access that NGINX functionality immediately. We can do so by offering a method to manually put in the directives they wish to configure and the exact settings needed. While no where near as user friendly, this will unblock any user looking for NGINX functionality that is not yet present in our extensions and attachments to the Gateway API.

Specific Feedback

• Impressions from KubeCon Paris included a general awareness of what Gateway API is capable of at this point and that NGINX can support their use case if they can directly configure it.

Acceptance Criteria

• Users have the ability to customize the NGINX configuration that NGF generates.
• Users have the ability to add NGINX configuration to the configuration that NGF generates.
• The NGINX configuration customization is provided by an extension or attachment to the Gateway API.

### Tasks
- [ ] #815
- [ ] https://github.com/nginxinc/nginx-gateway-fabric/issues/2415
- [ ] https://github.com/nginxinc/nginx-gateway-fabric/issues/2468
- [ ] https://github.com/nginxinc/nginx-gateway-fabric/issues/2416
- [ ] https://github.com/nginxinc/nginx-gateway-fabric/issues/2417
- [ ] https://github.com/nginxinc/nginx-gateway-fabric/issues/2377
- [ ] https://github.com/nginxinc/nginx-gateway-fabric/issues/2373
- [ ] https://github.com/nginxinc/nginx-gateway-fabric/issues/2375
- [ ] https://github.com/nginxinc/nginx-gateway-fabric/issues/2371

Links

• https://docs.nginx.com/nginx-ingress-controller/configuration/ingress-resources/advanced-configuration-with-snippets/
• Prototype
• Overview of customization options in NIC
• Discussion

[mpstefan]

This story is pending a discussion - primarily for support and security.

[mpstefan]

We decided today that we need a short spike to determine a potential technical solution. From there we can assess the amount of effort needed for implementation, security concerns, and support concerns.

[mpstefan]

Received some feedback today from @gallarda around involving RBAC around the snippet functionality currently present in NIC. When we examine this, we should consider utilizing the different levels of resources (primarily Gateway and Routes) to allow users to setup separate access controls for access to nginx customization.

[brianehlert]

Received some feedback today from @gallarda around involving RBAC around the snippet functionality currently present in NIC. When we examine this, we should consider utilizing the different levels of resources (primarily Gateway and Routes) to allow users to setup separate access controls for access to nginx customization.

• the concept of reusable snippets (like a library of snippet functions)
• the concept of then gating who can use which snippets, or even limiting what a snippet can be attached to